SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL 2008 calls the login account Suspicious account


SQL 2008 calls the login account Suspicious account

Author
Message
1samharris
1samharris
SSC Rookie
SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)

Group: General Forum Members
Points: 39 Visits: 11
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.
the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks
Elliott Whitlow
Elliott Whitlow
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24174 Visits: 5314
1samharris (6/25/2013)
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.
the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks

Your post is kind of unclear. Subnet differences (provided the difference subnets can talk to each other) are a non-issue for SQL and for AD. This "suspicious" message that you are getting where is it coming from SQL? AD? SharePoint? Please post the EXACT error message.

Also are you sure they are in the domain and not in a workgroup with the same name as the domain?

CEWII
1samharris
1samharris
SSC Rookie
SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)

Group: General Forum Members
Points: 39 Visits: 11
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)
The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452

Thanks
Elliott Whitlow
Elliott Whitlow
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24174 Visits: 5314
Ok that tells me that the account that is trying to access the SQL is from an AD domain that is different than the one that SQL is in AND that the AD domain SQL is on does not trust the one being used. Which I'm guessing is something like this:

DMZDomain\SharepointSQLUser
InternalDomain\SQLServiceUser

The DMZDomain would rarely be trusted by the InternalDomain but the InternalDomain would often be trusted by the DMZDomain if communication were allowed between them..

That error message is pretty clear, sharepoint is trying to use a login that is not trusted by the domain. As a side note I think I have seen this error when logged into a local account on a machine that was then trying to use trusted authentication to SQL.

CEWII
1samharris
1samharris
SSC Rookie
SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)

Group: General Forum Members
Points: 39 Visits: 11
Actually there is only one domain and all elements discussed
Are members of the same domain. That is what is trange
Elliott Whitlow
Elliott Whitlow
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24174 Visits: 5314
Are the sharepoint services logging in with a domain account? Basically are you sure sharepoint is trying to connect using the credentials you think it is? Was the sharepoint computer in another domain when sharepoint was installed?

I'm grasping here for anything, because I agree, its weird.

CEWII
1samharris
1samharris
SSC Rookie
SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)

Group: General Forum Members
Points: 39 Visits: 11
SharePoint services I think will start once you go through the configuration, which what I was going thourgh on the second screen where it asks to sql server and credentials. therefore the services are not up yet.

Now I started thinking about Kerberos, I am using NTLM, I know that SharePoint would ask for that but I have not even gotten to that part yet.

Also worth mentioning, this is on Amazon hosting with a VPS.
Thanks
kevaburg
kevaburg
SSCarpal Tunnel
SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)

Group: General Forum Members
Points: 4511 Visits: 1025
1samharris (6/25/2013)
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)
The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452

Thanks


They aren't two subnets. The mask /16 represents 10.0.x.x. The problem is not there as we seem to be looking at a single subnet.

Have you checked that TCP\IP is enabled within the SQL Configuration Manager and that the SQL Server Browser Service is enabled in the Windows Services?
1samharris
1samharris
SSC Rookie
SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)SSC Rookie (39 reputation)

Group: General Forum Members
Points: 39 Visits: 11
UPDATE: Since this is an instance under Amazon AWS, I created a ticket and eventually got help.
the issues ended up to be not related to sharepoint or SQL, it was a security conflict between two policies, one governing the internal subnet and one governing the DMZ.
Within those two, I did not have EXPLICIT exception to allow certain traffic between both.
Thank you guys for your informative questions.
Elliott Whitlow
Elliott Whitlow
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24174 Visits: 5314
Thanks for the update.

CEWII
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search